app.get('/bin/user.js', nocache, function (req, res, next) {
var userfields = 'avatar name bincount created pro settings';
var user = _.pick.apply(_, [req.session.user || {}].concat(userfields.split(' ')));
if (!user.avatar && req.session.user) {
req.session.user.avatar = user.avatar = req.app.locals.gravatar(req.session.user);
}
if (user.avatar) {
user.large_avatar = req.app.locals.gravatar(req.session.user, 120);
}
if (req.session.user) {
sandbox.models.user.load(req.session.user.name, function (err, data) {
user.settings = data.settings;
res.render('user', {
user: JSON.stringify(user),
layout: false,
})
})
} else {
res.render('user', {
user: JSON.stringify(user),
layout: false,
})
}
});
var run = function() {
if (opts.debug) {
console.log(opts.method+" "+opts.uri+" ...");
}
// Cloning keeps the opts parameter clean:
// - some versions of "request" apply the second parameter as a
// property called "callback" to the first parameter
// - keeps the query object fresh in case of a retry
// Doing parse/stringify instead of _.clone will do a deep clone and remove functions
var ropts = JSON.parse(JSON.stringify(opts));
if (!ropts.headers) {
ropts.headers = {};
}
if (ropts.forceUTF8) {
if (!ropts.headers["Accept-Charset"] && !ropts.headers["accept-charset"]) {
ropts.headers["Accept-Charset"] = 'utf-8;q=0.7,*;q=0.3';
}
if (!ropts.encoding) {
ropts.encoding = null;
}
}
if (!ropts.encoding) {
ropts.headers["Accept-Encoding"] = "gzip";
ropts.encoding = null;
}
if (ropts.userAgent) {
ropts.headers["User-Agent"] = ropts.userAgent;
}
var requestArgs = ["uri","url","qs","method","headers","body","form","json","multipart","followRedirect","followAllRedirects",
"maxRedirects","encoding","pool","timeout","proxy","oauth","strictSSL","jar","aws"];
var req = request(_.pick.apply(this,[ropts].concat(requestArgs)), function(error,response,body) {
if (error) {
return self.onContent(error, opts);
}
response.uri = opts.uri;
// Won't be needed after https://github.com/mikeal/request/pull/303 is merged
if (response.headers['content-encoding'] && response.headers['content-encoding'].toLowerCase().indexOf('gzip') >= 0) {
zlib.gunzip(response.body, function (error, body) {
if (error) {
return self.onContent(error, opts);
}
response.body = body.toString(req.encoding);
self.onContent(error,opts,response,false);
});
} else {
self.onContent(error,opts,response,false);
}
});
};
_process: function(fn, snap) {
var dat = snap.val();
if (this.fields && typeof dat === 'object') {
dat = _.pick.call(_, dat, this.fields);
}
if( this.filter(dat, snap) ) {
fn.call(this, snap.name(), this.parse(dat, snap));
}
},
self.request = function(opts) {
// console.log("OPTS",opts);
if (useCache(opts)) {
var cacheData = self.cache[opts.uri];
//If a query has already been made to self URL, don't callback again
if (cacheData) {
// Make sure we actually have cached data, and not just a note
// that the page was already crawled
if (_.isArray(cacheData)) {
self.onContent(null,opts,cacheData[0],true);
} else {
release(opts);
}
return;
}
}
if (opts.debug) {
console.log(opts.method+" "+opts.uri+" ...");
}
// Cloning keeps the opts parameter clean:
// - some versions of "request" apply the second parameter as a
// property called "callback" to the first parameter
// - keeps the query object fresh in case of a retry
// Doing parse/stringify instead of _.clone will do a deep clone and remove functions
var ropts = JSON.parse(JSON.stringify(opts));
if (!ropts.headers) ropts.headers={};
if (opts.forceUTF8) {
if (!ropts.headers["Accept-Charset"] && !ropts.headers["accept-charset"]) ropts.headers["Accept-Charset"] = 'utf-8;q=0.7,*;q=0.3';
if (!ropts.encoding) ropts.encoding=null;
}
var requestArgs = ["uri","url","qs","method","headers","body","form","json","multipart","followRedirect","followAllRedirects",
"maxRedirects","encoding","pool","timeout","proxy","oauth","strictSSL","jar","aws"];
//console.log(_.pick.apply(this,[ropts].concat(requestArgs)));
var opts_ = _.pick.apply(this,[ropts].concat(requestArgs));
if(opts.jar)
opts_['jar'] = jar_;
request(opts_, function(error,response,body) {
if (error) return self.onContent(error, opts);
//console.log(jar_)
response.uri = opts.uri;
self.onContent(error,opts,response,false);
});
};
columns = _.map(metadata.columns, function (cell) {
var cellOptionKeys = ['name', 'label', 'renderable', 'editable', 'sortable'],
cellOptions = _.extend({}, defaultOptions, _.pick.apply(null, [cell].concat(cellOptionKeys))),
extendOptions = _.omit.apply(null, [cell].concat(cellOptionKeys.concat('type'))),
cellType = modules[helpers.cellType(cell.type)];
if (!_.isEmpty(extendOptions)) {
cellType = cellType.extend(extendOptions);
}
cellOptions.cell = cellType;
return cellOptions;
});
columns = _.map(metadata.columns, function(cell) {
var cellOptionKeys = ['name', 'label', 'renderable', 'editable', 'sortable', 'sortingType', 'align',
'order', 'manageable', 'required', 'shortenableLabel'];
var cellOptions = _.extend({}, defaultOptions, _.pick.apply(null, [cell].concat(cellOptionKeys)));
var extendOptions = _.omit.apply(null, [cell].concat(cellOptionKeys.concat('type')));
var cellType = modules[helpers.cellType(cell.type)];
if (!_.isEmpty(extendOptions)) {
cellType = cellType.extend(extendOptions);
}
cellOptions.cell = cellType;
return cellOptions;
});
jsbin: function (bin, options) {
var panels = Object.keys(_.pick(bin, 'html', 'javascript', 'css')).filter(function (panel) {
return !!bin[panel].trim();
}).concat('live');
if (!options.metadata) {
options.metadata = {};
}
if (options.metadata.email) {
options.metadata.avatar = this.helpers.gravatar(options.metadata);
}
options.metadata = _.pick.apply(_, [options.metadata].concat('archive avatar created last_login name pro summary updated visibility'.split(' ')));
// this value isn't always present in anonymous metadata
options.metadata.last_updated = bin.created;
var statik = options.static || options.root;
var runner = this.helpers.runner;
if (statik.indexOf('https') === 0) {
// then ensure the runner is also https
if (runner.indexOf('https') === -1) {
runner = runner.replace(/http/, 'https');
}
}
return {
root: options.root,
shareRoot: options.shareRoot,
runner: runner,
static: statik,
version: options.version,
state: {
token: options.token,
stream: false,
streaming: this.models.bin.isStreaming(bin),
code: bin.url || null,
revision: bin.url ? (bin.revision || 1) : null,
processors: bin.settings.processors || {},
checksum: options.checksum || null,
metadata: options.metadata,
},
settings: options.settings ? _.extend(options.settings, { panels: panels }) : { panels: panels }
};
},
function(err, results){
// results=[
// {
// "_id": {
// "year": 2009
// },
// "total": 5245
// },
// {
// "_id": {
// "year": 2010
// },
// "total": 4751
// }
// ];
if (err) {
logger.error('stats 1, err=',err);
deferred.reject(false);
}
var out={};
_.each(results, function(result){
out[result._id.year]=result.total;
});
var defaultResult=_.object(years, zeros(years.length));
out=_.pick.apply(null,[out,years]);
out=_.extend(defaultResult, out);
var results = {
id: 'perYear',
vulndb: vulnSrc,
results: out
};
// { id: 'perYear',
// vulndb: 'secunia',
// stats:
// { '2002': 481,
// '2003': 2492,
// '2013': 3653 } }
deferred.resolve(results);
}
app.get('/bin/user.js', nocache, function (req, res, next) {
var userfields = 'avatar name bincount created pro settings';
var user = _.pick.apply(_, [req.session.user || {}].concat(userfields.split(' ')));
if (!user.avatar && req.session.user) {
req.session.user.avatar = user.avatar = req.app.locals.gravatar(req.session.user);
}
if (user.avatar) {
user.large_avatar = req.app.locals.gravatar(req.session.user, 120);
}
// all this code is repeated from handler/bin
// and it totally sucks – RS 2016-06-22
var http = req.secure ? 'https' : 'http';
var ssl = req.secure;
var statik = sandbox.helpers.urlForStatic(undefined, ssl);
var root = sandbox.helpers.url('', true, ssl);
var version = sandbox.helpers.set('version');
var runner = sandbox.helpers.runner;
if (statik && statik.indexOf('https') === 0) {
// then ensure the runner is also https
if (runner.indexOf('https') === -1) {
runner = runner.replace(/http/, 'https');
}
}
res.set('content-type', 'text/javascript');
res.render('user', {
version: version,
root: root,
shareRoot: features('vanity', req) ? http + '://' + user.name + '.' + req.app.get('url host') : root,
runner: runner,
static: statik,
user: JSON.stringify(user),
layout: false,
})
});
var normalize = function(vuln){
var data = _.pick.call(null,vuln,vulnFields);
delete data.id;
data.vid = vuln.id;
// data.products=_.map(vuln.products,function(product){
// // return _.pick.call(null,product,productFields);
// return JSON.stringify(product);
// });
data.refs=_.map(vuln.refs,function(ref){
// return _.pick.call(null,ref,refFields);
return ref.url || ref.general;
});
data.refs= _.isEmpty(data.refs) ? undefined : data.refs;
data.cves=_.map(vuln.cves,function(cve){
// return _.pick.call(null,cve,cveFields);
return cve.title;
});
data.cves= _.isEmpty(data.cves) ? undefined : data.cves;
data.releaseDate = data.releaseDate.getTime();
return data;
};
jsbin: function (bin, options) {
var panels = Object.keys(_.pick(bin, 'html', 'javascript', 'css')).filter(function (panel) {
return !!bin[panel].trim();
}).concat('live');
if (!options.metadata) {
options.metadata = {};
}
if (options.metadata.email) {
options.metadata.avatar = utils.gravatar(options.metadata.email);
}
options.metadata = _.pick.apply(_, [options.metadata].concat('archive avatar created last_login name pro summary updated visibility'.split(' ')));
// this value isn't always present in anonymous metadata
options.metadata.last_updated = bin.created;
return {
root: options.root,
runner: this.helpers.runner,
static: options.static || options.root,
version: options.version,
state: {
token: options.token,
stream: false,
streaming: bin.streaming_key ? moment(bin.last_updated).isBefore(moment().add(1, 'd')) : false,
code: bin.url || null,
revision: bin.url ? (bin.revision || 1) : null,
processors: bin.settings.processors || {},
checksum: options.checksum || null,
metadata: options.metadata,
},
settings: options.settings ? _.extend(options.settings, { panels: panels }) : { panels: panels }
};
},
return _.map(table, function(obj) {
// table : [objs] -> obj : Obj -> [objs]
return _.pick.apply(null, construct(obj, keys));
// () -> ArgList[ Obj, key, key, key, ... ] -> Obj (with less keys)
});
pickOptions: function(source) {
var names = OPTIONS.concat(slice.call(arguments, 1));
return source ? _.pick.apply(_, [ source ].concat(names)) : {};
},
return _.map(table, function (obj) {
return _.pick.apply(null, construct(obj, keys));
});
self.request = function(opts) {
// console.log("OPTS",opts);
if (useCache(opts)) {
var cacheData = self.cache[opts.uri];
//If a query has already been made to self URL, don't callback again
if (cacheData) {
// Make sure we actually have cached data, and not just a note
// that the page was already crawled
if (_.isArray(cacheData)) {
self.onContent(null,opts,cacheData[0],true);
} else {
release(opts);
}
return;
}
}
if (opts.debug) {
console.log(opts.method+" "+opts.uri+" ...");
}
// Cloning keeps the opts parameter clean:
// - some versions of "request" apply the second parameter as a
// property called "callback" to the first parameter
// - keeps the query object fresh in case of a retry
// Doing parse/stringify instead of _.clone will do a deep clone and remove functions
var ropts = JSON.parse(JSON.stringify(opts));
if (!ropts.headers) ropts.headers={};
if (ropts.forceUTF8) {
if (!ropts.headers["Accept-Charset"] && !ropts.headers["accept-charset"]) ropts.headers["Accept-Charset"] = 'utf-8;q=0.7,*;q=0.3';
if (!ropts.encoding) ropts.encoding=null;
}
if (typeof ropts.encoding === 'undefined') {
ropts.headers["Accept-Encoding"] = "gzip";
ropts.encoding = null;
}
if (ropts.userAgent) {
ropts.headers["User-Agent"] = ropts.userAgent;
}
if (ropts.proxies && ropts.proxies.length) {
ropts.proxy = ropts.proxies[0];
}
var requestArgs = ["uri","url","qs","method","headers","body","form","json","multipart","followRedirect","followAllRedirects",
"maxRedirects","encoding","pool","timeout","proxy","auth","oauth","strictSSL","jar","aws"];
var req = request(_.pick.apply(this,[ropts].concat(requestArgs)), function(error,response,body) {
if (error) return self.onContent(error, opts);
response.uri = opts.uri;
// Won't be needed after https://github.com/mikeal/request/pull/303 is merged
if (response.headers['content-encoding'] && response.headers['content-encoding'].toLowerCase().indexOf('gzip') >= 0) {
zlib.gunzip(response.body, function (error, body) {
if (error) return self.onContent(error, opts);
if (!opts.forceUTF8) {
response.body = body.toString(req.encoding);
} else {
response.body = body;
}
self.onContent(error,opts,response,false);
});
} else {
self.onContent(error,opts,response,false);
}
});
};
function normalizeQueryResult(result) {
var args = Object.keys(ENTITY_ATTRS).slice();
args.unshift(result);
return _.pick.apply(_, args);
}